From b6b8a6587c399bfd89e13e92ce04ee8486688e6e Mon Sep 17 00:00:00 2001
From: Florian Pritz <bluewind@xssn.at>
Date: Tue, 18 Jan 2011 19:12:36 +0100
Subject: disable do_paste due to bot problems

There are still bots which are able to trick the hidden email field and
they upload phishing pages which let to paste.xinu.at being listed.

Signed-off-by: Florian Pritz <bluewind@xssn.at>
---
 system/application/controllers/file.php | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'system/application/controllers/file.php')

diff --git a/system/application/controllers/file.php b/system/application/controllers/file.php
index adde14927..a11255986 100644
--- a/system/application/controllers/file.php
+++ b/system/application/controllers/file.php
@@ -124,8 +124,12 @@ class File extends Controller {
 	// support textareas on the upload form
 	// XXX: This requires users of suhosin to adjust maxium post and request size
 	// TODO: merge with do_upload()
+	// XXX: this is too vulnerable to bots
 	function do_paste()
 	{
+		// FIXME: disable until bot problem is really fixed
+		return $this->upload_form();
+
 		$data = array();
 		$content = $this->input->post('content')."\n";
 		$extension = $this->input->post('extension');
-- 
cgit v1.2.3-24-g4f1b